TrickBot is a traditionally Windows-based crimeware botnet that threat actors have used since 2016. It performs a wide range of malicious activities on target networks, including credential theft, and serves as a conduit for ransomware attacks. Due to the efforts of Microsoft and US Cyber Command, over 90% of TrickBot's command and control (C2) servers have been eliminated. TrickBot's authors have since moved portions of their code to Linux in an attempt to widen the scope of victims. A TrickBot backdoor framework called Anchor was discovered in 2019 using the DNS protocol to secretly communicate with C2 servers. In July, a variant dubbed Anchor_DNS was discovered being ported to a Linux backdoor version called Anchor_Linux. Even after the initial takedown of TrickBot, Microsoft expected the threat actors to attempt to continue their operation.